All posts by shadowcouncils

How to Secure a VM’s RDP. Not every bear out there is Winnie the Pooh, and we have caught some interesting bears in our honeypots.

One of the most hit aspects of security is RDP on the default ports with poor password governance. – “But doesn’t everyone use 40-100 char passwords that change every 3 days and user names that would confuse C3PO?”.

The answer from the average security person is, “Heck yeah, everyone should”, but we all know the truth. A username of “admin” and a password of “password” only keeps your kids and the neighbors from getting into your router. It doesn’t do much good against brute force attacks.

… Let’s get started. This demo assumes you have already set up a virtual machine in ARM in Azure, with Remote Desktop Protocol already working on the default IP and port.

Part 1: Create Load Balancer

-“Ok Done! We are with you but what is with all the tomfoolery! What is this magic you speak of?”

The magic comes in with the Load Balancer. First things first, let’s create that.

Add New Load Balancer.

Give the Load Balancer a public IP. This will allow it to be seen on the “interwebs”.

Name the IP address and make it static. (Unless you want Dynamic, but then you will need to look up your Load Balancer’s IP whenever it changes.)

We then make sure everything is properly assigned and set the Resource Group to the same one as the Virtual Machine.

Open the Load Balancer you just created.

Add a new Inbound NAT Rule to the Load Balancer.

-“Hey this isn’t magic or gnomes! I set this up in my router in the 90’s, you know back when IRC was cool and my email address ended in compuserve”.

You got me, this is just like that.

Figure out the port you want to connect to on the external Load Balancer.

Forward that to 3389 internally.

Step 1.

Set the NAT rule. You can point it to an AS or just a single VM.

This should make it so you can hit the Load Balancer’s IP:PORT and get into RDP.

*Port would be something like 4000 or 10001. If your IP were 169.0.0.1, then your RDP line would read 169.0.0.1:4000 or 169.0.0.1:10001. Those would translate to port 3389 internally and still connect you to the VM via RDP.

– For all you kids raising your hands out there. Yes 169. addresses usually mean no DHCP could be contacted and that IP should never happen. – Overachievers!

For any other ports that need to make it through here, you can also set up 1 rule per port: HTTP, HTTPS, etc. You can keep the ports the same if you just want a pass-through, or NAT translate them.

If you lost RDP access after setting your inbound rule to another IP, you can get it back by setting RDP back to 3389 and then “redeploying”; the box will give you access again. This is a workaround to get access back only if you tried using the inbound rule to “port forward as a different port” through the Azure Security Group and didn’t change it internally on the VM itself.
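The portal steps above can also be scripted with the Azure CLI. The following is an added example, not part of the original post: the resource names, the rule name `rdp-nat` and the helper functions are placeholders, and it assumes an installed, logged-in `az` when run for real.

```shell
#!/usr/bin/env bash
# Added example: CLI equivalent of the portal steps. All names are placeholders.
# DRY_RUN=1 (the default) prints the az commands instead of executing them.
DRY_RUN="${DRY_RUN:-1}"

run() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Reject a frontend port that is not a number in 1-65535, or that is 3389:
# publishing RDP on its default port defeats the purpose of the NAT rule.
check_frontend_port() {
  case "$1" in
    ''|*[!0-9]*|??????*) echo "invalid port: $1" >&2; return 1 ;;
  esac
  if [ "$1" -lt 1 ] || [ "$1" -gt 65535 ]; then
    echo "port out of range: $1" >&2; return 1
  fi
  if [ "$1" -eq 3389 ]; then
    echo "refusing to publish RDP on its default port" >&2; return 1
  fi
}

# usage: publish_rdp RG LB_NAME PIP_NAME NIC_NAME IPCONFIG_NAME FRONTEND_PORT
publish_rdp() {
  rg=$1 lb=$2 pip=$3 nic=$4 ipcfg=$5 port=$6
  check_frontend_port "$port" || return 1
  # Static public IP so the address you RDP to does not change.
  run az network public-ip create -g "$rg" -n "$pip" --allocation-method Static &&
  # Load balancer in the same resource group as the VM, fronted by that IP.
  run az network lb create -g "$rg" -n "$lb" --public-ip-address "$pip" &&
  # Inbound NAT rule: chosen external port -> 3389 on the VM.
  run az network lb inbound-nat-rule create -g "$rg" --lb-name "$lb" -n rdp-nat \
      --protocol Tcp --frontend-port "$port" --backend-port 3389 &&
  # Point the rule at a single VM by attaching it to that VM's NIC ip-config.
  run az network nic ip-config inbound-nat-rule add -g "$rg" --nic-name "$nic" \
      --ip-config-name "$ipcfg" --lb-name "$lb" --inbound-nat-rule rdp-nat
}

# Dry run with placeholder names: prints the four az commands.
publish_rdp demo-rg demo-lb demo-lb-ip demo-vm-nic ipconfig1 4000
```

Run it with `DRY_RUN=0` to execute the commands instead of printing them.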

I was very happy to see that there are finally some alternatives with built-in WiFi!
These should come in handy for all sorts of engineering designs, as they have fewer “loose parts” than you would see with a Pi in general.

Why would you use Hadoop or HDInsight?
Money… it’s cheaper to deal with large amounts of data on cheap hardware. Now we do it in the cloud and the compute instances are valid.

To have Hadoop and blob storage – HDInsight.

To not be charged money, delete it rather than spin it down.

Job scheduling service – Oozie
Hive – SQL-like query on top of data.
Those can store metadata in the database.

These columns are related to a directory in storage; you can store it in an external database. You can store metadata in SQL, then you can use that metadata against the blobs.
HBase is a NoSQL data store. (Great access time), has a management API.
Storm – real-time event processing; plug components together or a graph, inputs and as stream between parts. Using glasses. If you never take the cluster down you don’t want to do the offset again. Made in Java; you can extend it to work with any programming language.
Storm in Python.

Spark is a cluster type, just came out of preview, for Windows. NEAR REAL TIME BATCH PROCESSING

Spark is the new one. Changes to MapReduce.
Jupiter tries to run everything in memory so it’s faster.

I got to help run the Hack Atlanta event this weekend. I saw some brilliant developers out there. I was able to help mentor and even gave away some personal equipment as prizes since I was so damn impressed.

I got to work with some really nice and talented staff from MS on the TE team.